CVE DATABASE / CVE-2004-0213
CVE-2004-0213
CVSS 7.8 · HIGH
Summary
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
CVSS 3.1 breakdown
| Base score | 7.8 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Microsoft windows 2000
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://marc.info/?l=bugtraq&m=108975382413405&w=2
- http://www.kb.cert.org/vuls/id/868580
- http://www.us-cert.gov/cas/techalerts/TA04-196A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-019
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16592
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2495
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.